[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.15.201' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 65.825121][ C0]
[ 65.827612][ C0] ========================================================
[ 65.834782][ C0] WARNING: possible irq lock inversion dependency detected
[ 65.841977][ C0] 5.9.0-rc5-next-20200918-syzkaller #0 Not tainted
[ 65.848476][ C0] --------------------------------------------------------
[ 65.855661][ C0] swapper/0/0 just changed the state of lock:
[ 65.861703][ C0] ffff888214c50108 (&group->lock){..-.}-{2:2}, at: _snd_pcm_stream_lock_irqsave+0x9f/0xd0
[ 65.871586][ C0] but this lock took another, SOFTIRQ-READ-unsafe lock in the past:
[ 65.879552][ C0] (&card->ctl_files_rwlock){.+.+}-{2:2}
[ 65.879565][ C0]
[ 65.879565][ C0]
[ 65.879565][ C0] and interrupts could create inverse lock ordering between them.
[ 65.879565][ C0]
[ 65.899458][ C0]
[ 65.899458][ C0] other info that might help us debug this:
[ 65.907497][ C0] Possible interrupt unsafe locking scenario:
[ 65.907497][ C0]
[ 65.915807][ C0]        CPU0                    CPU1
[ 65.921168][ C0]        ----                    ----
[ 65.926526][ C0]   lock(&card->ctl_files_rwlock);
[ 65.931626][ C0]                                local_irq_disable();
[ 65.938446][ C0]                                lock(&group->lock);
[ 65.945105][ C0]                                lock(&card->ctl_files_rwlock);
[ 65.952732][ C0]
[ 65.956180][ C0]     lock(&group->lock);
[ 65.960499][ C0]
[ 65.960499][ C0] *** DEADLOCK ***
[ 65.960499][ C0]
[ 65.968624][ C0] 1 lock held by swapper/0/0:
[ 65.973365][ C0] #0: ffffc90000007d80 ((&dpcm->timer)){+.-.}-{0:0}, at: call_timer_fn+0xd5/0x6b0
[ 65.982647][ C0]
[ 65.982647][ C0] the shortest dependencies between 2nd lock and 1st lock:
[ 65.992035][ C0] -> (&card->ctl_files_rwlock){.+.+}-{2:2} {
[ 65.998101][ C0] HARDIRQ-ON-R at:
[ 66.002294][ C0] lock_acquire+0x1f2/0xaa0
[ 66.008605][ C0] _raw_read_lock+0x5b/0x70
[ 66.014926][ C0] snd_ctl_notify.part.0+0x36/0x550
[ 66.021922][ C0] snd_ctl_notify+0x8f/0xb0
[ 66.028222][ C0] __snd_ctl_add_replace+0x638/0x800
[ 66.035302][ C0] snd_ctl_add_replace+0x76/0x130
[ 66.042120][ C0] snd_dummy_probe+0xc22/0x1180
[ 66.048793][ C0] platform_drv_probe+0x87/0x140
[ 66.055614][ C0] really_probe+0x282/0x9f0
[ 66.062009][ C0] driver_probe_device+0xfe/0x1d0
[ 66.068842][ C0] __device_attach_driver+0x1c2/0x220
[ 66.076016][ C0] bus_for_each_drv+0x15f/0x1e0
[ 66.082685][ C0] __device_attach+0x228/0x470
[ 66.089275][ C0] bus_probe_device+0x1e4/0x290
[ 66.095927][ C0] device_add+0xb17/0x1c40
[ 66.102155][ C0] platform_device_add+0x34f/0x6d0
[ 66.109101][ C0] platform_device_register_full+0x38c/0x4e0
[ 66.116887][ C0] alsa_card_dummy_init+0x1e0/0x309
[ 66.123902][ C0] do_one_initcall+0x103/0x6f0
[ 66.130473][ C0] kernel_init_freeable+0x652/0x6d6
[ 66.137487][ C0] kernel_init+0xd/0x1b8
[ 66.143529][ C0] ret_from_fork+0x1f/0x30
[ 66.149756][ C0] SOFTIRQ-ON-R at:
[ 66.153805][ C0] lock_acquire+0x1f2/0xaa0
[ 66.160119][ C0] _raw_read_lock+0x5b/0x70
[ 66.166430][ C0] snd_ctl_notify.part.0+0x36/0x550
[ 66.173887][ C0] snd_ctl_notify+0x8f/0xb0
[ 66.180205][ C0] __snd_ctl_add_replace+0x638/0x800
[ 66.187490][ C0] snd_ctl_add_replace+0x76/0x130
[ 66.194334][ C0] snd_dummy_probe+0xc22/0x1180
[ 66.200993][ C0] platform_drv_probe+0x87/0x140
[ 66.207738][ C0] really_probe+0x282/0x9f0
[ 66.214072][ C0] driver_probe_device+0xfe/0x1d0
[ 66.220899][ C0] __device_attach_driver+0x1c2/0x220
[ 66.228082][ C0] bus_for_each_drv+0x15f/0x1e0
[ 66.235211][ C0] __device_attach+0x228/0x470
[ 66.241774][ C0] bus_probe_device+0x1e4/0x290
[ 66.248446][ C0] device_add+0xb17/0x1c40
[ 66.254822][ C0] platform_device_add+0x34f/0x6d0
[ 66.261759][ C0] platform_device_register_full+0x38c/0x4e0
[ 66.269537][ C0] alsa_card_dummy_init+0x1e0/0x309
[ 66.276553][ C0] do_one_initcall+0x103/0x6f0
[ 66.283136][ C0] kernel_init_freeable+0x652/0x6d6
[ 66.290144][ C0] kernel_init+0xd/0x1b8
[ 66.296211][ C0] ret_from_fork+0x1f/0x30
[ 66.302432][ C0] (null) at:
[ 66.305958][ C0] ================================================================================
[ 66.315210][ C0] UBSAN: array-index-out-of-bounds in kernel/locking/lockdep.c:2240:40
[ 66.323576][ C0] index 9 is out of range for type 'lock_trace *[9]'
[ 66.330245][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.9.0-rc5-next-20200918-syzkaller #0
[ 66.339321][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.349437][ C0] Call Trace:
[ 66.352696][ C0]
[ 66.355532][ C0] dump_stack+0x198/0x1fb
[ 66.359843][ C0] ubsan_epilogue+0xb/0x5a
[ 66.364245][ C0] __ubsan_handle_out_of_bounds.cold+0x62/0x6c
[ 66.370375][ C0] ? vprintk_func+0x95/0x1e0
[ 66.374973][ C0] print_shortest_lock_dependencies.cold+0x11c/0x2e2
[ 66.381657][ C0] print_irq_inversion_bug.part.0+0x2c6/0x2ee
[ 66.387734][ C0] mark_lock.cold+0x57/0x74
[ 66.392230][ C0] ? lock_chain_count+0x20/0x20
[ 66.397073][ C0] ? lock_is_held_type+0xbb/0xf0
[ 66.402097][ C0] ? find_held_lock+0x2d/0x110
[ 66.406946][ C0] ? debug_object_activate+0x287/0x3e0
[ 66.412395][ C0] ? lock_downgrade+0x830/0x830
[ 66.417222][ C0] __lock_acquire+0x118a/0x56d0
[ 66.422097][ C0] ? lock_downgrade+0x830/0x830
[ 66.426938][ C0] ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 66.432921][ C0] ? mark_lock+0xf7/0x2420
[ 66.437336][ C0] lock_acquire+0x1f2/0xaa0
[ 66.441837][ C0] ? _snd_pcm_stream_lock_irqsave+0x9f/0xd0
[ 66.447712][ C0] ? lock_release+0x890/0x890
[ 66.452377][ C0] ? find_held_lock+0x2d/0x110
[ 66.457119][ C0] ? loopback_jiffies_timer_function+0x188/0x220
[ 66.463420][ C0] ? _raw_spin_lock_irqsave+0xa9/0xd0
[ 66.468900][ C0] _raw_spin_lock_irqsave+0x94/0xd0
[ 66.474412][ C0] ? _snd_pcm_stream_lock_irqsave+0x9f/0xd0
[ 66.480284][ C0] _snd_pcm_stream_lock_irqsave+0x9f/0xd0
[ 66.485984][ C0] snd_pcm_period_elapsed+0x24/0x250
[ 66.491455][ C0] loopback_jiffies_timer_function+0x1a8/0x220
[ 66.497602][ C0] ? loopback_jiffies_timer_pos_update+0xf60/0xf60
[ 66.504178][ C0] call_timer_fn+0x1a5/0x6b0
[ 66.508751][ C0] ? add_timer_on+0x4a0/0x4a0
[ 66.513440][ C0] ? lock_downgrade+0x830/0x830
[ 66.518276][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 66.523306][ C0] ? _raw_spin_unlock_irq+0x1f/0x80
[ 66.528489][ C0] ? loopback_jiffies_timer_pos_update+0xf60/0xf60
[ 66.535235][ C0] __run_timers.part.0+0x67c/0xa50
[ 66.540408][ C0] ? call_timer_fn+0x6b0/0x6b0
[ 66.545223][ C0] ? lapic_next_event+0x4d/0x80
[ 66.550077][ C0] ? kvm_sched_clock_read+0x14/0x40
[ 66.555273][ C0] ? sched_clock+0x2a/0x40
[ 66.559683][ C0] ? sched_clock_cpu+0x18/0x1f0
[ 66.564542][ C0] ? hrtimer_interrupt+0x6f4/0x940
[ 66.569772][ C0] run_timer_softirq+0xb3/0x1d0
[ 66.574605][ C0] __do_softirq+0x203/0xab6
[ 66.579088][ C0] asm_call_on_stack+0xf/0x20
[ 66.583744][ C0]
[ 66.586858][ C0] do_softirq_own_stack+0x9d/0xd0
[ 66.591863][ C0] irq_exit_rcu+0x235/0x280
[ 66.596347][ C0] sysvec_apic_timer_interrupt+0x51/0xf0
[ 66.602132][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 66.608103][ C0] RIP: 0010:native_safe_halt+0xe/0x10
[ 66.613453][ C0] Code: 89 ef e8 a5 99 76 f9 e9 86 fe ff ff 48 89 df e8 98 99 76 f9 e9 7b ff ff ff cc cc cc e9 07 00 00 00 0f 00 2d c4 14 49 00 fb f4 90 e9 07 00 00 00 0f 00 2d b4 14 49 00 f4 c3 cc cc 55 53 e8 09
[ 66.633165][ C0] RSP: 0018:ffffffff8a007d48 EFLAGS: 00000293
[ 66.639225][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffffffff171e639
[ 66.647172][ C0] RDX: ffffffff8a09ce40 RSI: ffffffff883fd4d3 RDI: 0000000000000000
[ 66.655118][ C0] RBP: ffff8880a6548064 R08: 0000000000000001 R09: 0000000000000001
[ 66.663077][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
[ 66.671123][ C0] R13: ffff8880a6548000 R14: ffff8880a6548064 R15: ffff88821860f004
[ 66.679095][ C0] ? acpi_idle_do_entry+0x1e3/0x330
[ 66.684284][ C0] acpi_idle_do_entry+0x1e8/0x330
[ 66.689394][ C0] acpi_idle_enter+0x35a/0x550
[ 66.694148][ C0] cpuidle_enter_state+0x1ab/0xd20
[ 66.699252][ C0] ? tick_nohz_idle_stop_tick+0x5b6/0xbd0
[ 66.704952][ C0] cpuidle_enter+0x4a/0xa0
[ 66.709343][ C0] do_idle+0x48e/0x730
[ 66.713386][ C0] ? arch_cpu_idle_exit+0x70/0x70
[ 66.718384][ C0] ? trace_init_perf_perm_irq_work_exit+0xe/0xe
[ 66.724666][ C0] cpu_startup_entry+0x14/0x20
[ 66.729404][ C0] start_kernel+0x490/0x4b1
[ 66.733885][ C0] secondary_startup_64_no_verify+0xa6/0xab
[ 66.739768][ C0] ================================================================================
[ 66.749032][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 66.755596][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.9.0-rc5-next-20200918-syzkaller #0
[ 66.764691][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.774715][ C0] Call Trace:
[ 66.777984][ C0]
[ 66.780825][ C0] dump_stack+0x198/0x1fb
[ 66.785127][ C0] panic+0x382/0x7fb
[ 66.788995][ C0] ? __warn_printk+0xf3/0xf3
[ 66.793573][ C0] ? secondary_startup_64_no_verify+0xa6/0xab
[ 66.799621][ C0] ? ubsan_epilogue+0x3e/0x5a
[ 66.804274][ C0] ? ubsan_epilogue+0x35/0x5a
[ 66.809021][ C0] ubsan_epilogue+0x54/0x5a
[ 66.813512][ C0] __ubsan_handle_out_of_bounds.cold+0x62/0x6c
[ 66.819641][ C0] ? vprintk_func+0x95/0x1e0
[ 66.824205][ C0] print_shortest_lock_dependencies.cold+0x11c/0x2e2
[ 66.830856][ C0] print_irq_inversion_bug.part.0+0x2c6/0x2ee
[ 66.836988][ C0] mark_lock.cold+0x57/0x74
[ 66.841565][ C0] ? lock_chain_count+0x20/0x20
[ 66.846501][ C0] ? lock_is_held_type+0xbb/0xf0
[ 66.851419][ C0] ? find_held_lock+0x2d/0x110
[ 66.856159][ C0] ? debug_object_activate+0x287/0x3e0
[ 66.861625][ C0] ? lock_downgrade+0x830/0x830
[ 66.866472][ C0] __lock_acquire+0x118a/0x56d0
[ 66.871398][ C0] ? lock_downgrade+0x830/0x830
[ 66.876259][ C0] ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 66.882222][ C0] ? mark_lock+0xf7/0x2420
[ 66.886618][ C0] lock_acquire+0x1f2/0xaa0
[ 66.891123][ C0] ? _snd_pcm_stream_lock_irqsave+0x9f/0xd0
[ 66.896994][ C0] ? lock_release+0x890/0x890
[ 66.901652][ C0] ? find_held_lock+0x2d/0x110
[ 66.906391][ C0] ? loopback_jiffies_timer_function+0x188/0x220
[ 66.912846][ C0] ? _raw_spin_lock_irqsave+0xa9/0xd0
[ 66.918198][ C0] _raw_spin_lock_irqsave+0x94/0xd0
[ 66.923390][ C0] ? _snd_pcm_stream_lock_irqsave+0x9f/0xd0
[ 66.929268][ C0] _snd_pcm_stream_lock_irqsave+0x9f/0xd0
[ 66.935060][ C0] snd_pcm_period_elapsed+0x24/0x250
[ 66.940329][ C0] loopback_jiffies_timer_function+0x1a8/0x220
[ 66.946760][ C0] ? loopback_jiffies_timer_pos_update+0xf60/0xf60
[ 66.953245][ C0] call_timer_fn+0x1a5/0x6b0
[ 66.957819][ C0] ? add_timer_on+0x4a0/0x4a0
[ 66.962476][ C0] ? lock_downgrade+0x830/0x830
[ 66.967310][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 66.972240][ C0] ? _raw_spin_unlock_irq+0x1f/0x80
[ 66.977418][ C0] ? loopback_jiffies_timer_pos_update+0xf60/0xf60
[ 66.983925][ C0] __run_timers.part.0+0x67c/0xa50
[ 66.989024][ C0] ? call_timer_fn+0x6b0/0x6b0
[ 66.993770][ C0] ? lapic_next_event+0x4d/0x80
[ 66.998631][ C0] ? kvm_sched_clock_read+0x14/0x40
[ 67.003917][ C0] ? sched_clock+0x2a/0x40
[ 67.008308][ C0] ? sched_clock_cpu+0x18/0x1f0
[ 67.013152][ C0] ? hrtimer_interrupt+0x6f4/0x940
[ 67.018256][ C0] run_timer_softirq+0xb3/0x1d0
[ 67.023089][ C0] __do_softirq+0x203/0xab6
[ 67.027679][ C0] asm_call_on_stack+0xf/0x20
[ 67.032329][ C0]
[ 67.035257][ C0] do_softirq_own_stack+0x9d/0xd0
[ 67.040258][ C0] irq_exit_rcu+0x235/0x280
[ 67.044746][ C0] sysvec_apic_timer_interrupt+0x51/0xf0
[ 67.050376][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 67.056334][ C0] RIP: 0010:native_safe_halt+0xe/0x10
[ 67.061684][ C0] Code: 89 ef e8 a5 99 76 f9 e9 86 fe ff ff 48 89 df e8 98 99 76 f9 e9 7b ff ff ff cc cc cc e9 07 00 00 00 0f 00 2d c4 14 49 00 fb f4 90 e9 07 00 00 00 0f 00 2d b4 14 49 00 f4 c3 cc cc 55 53 e8 09
[ 67.081271][ C0] RSP: 0018:ffffffff8a007d48 EFLAGS: 00000293
[ 67.087355][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffffffff171e639
[ 67.095338][ C0] RDX: ffffffff8a09ce40 RSI: ffffffff883fd4d3 RDI: 0000000000000000
[ 67.103284][ C0] RBP: ffff8880a6548064 R08: 0000000000000001 R09: 0000000000000001
[ 67.111244][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
[ 67.119211][ C0] R13: ffff8880a6548000 R14: ffff8880a6548064 R15: ffff88821860f004
[ 67.127265][ C0] ? acpi_idle_do_entry+0x1e3/0x330
[ 67.132445][ C0] acpi_idle_do_entry+0x1e8/0x330
[ 67.137462][ C0] acpi_idle_enter+0x35a/0x550
[ 67.142213][ C0] cpuidle_enter_state+0x1ab/0xd20
[ 67.147315][ C0] ? tick_nohz_idle_stop_tick+0x5b6/0xbd0
[ 67.153005][ C0] cpuidle_enter+0x4a/0xa0
[ 67.157396][ C0] do_idle+0x48e/0x730
[ 67.161446][ C0] ? arch_cpu_idle_exit+0x70/0x70
[ 67.166454][ C0] ? trace_init_perf_perm_irq_work_exit+0xe/0xe
[ 67.172717][ C0] cpu_startup_entry+0x14/0x20
[ 67.177474][ C0] start_kernel+0x490/0x4b1
[ 67.181953][ C0] secondary_startup_64_no_verify+0xa6/0xab
[ 67.188529][ C0] Kernel Offset: disabled
[ 67.192852][ C0] Rebooting in 86400 seconds..